Another Trojan hits Mac OS X

From a Slashdot article posted by "kdawson", written by "Don't Believe in Imaginary Property": "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user.

"F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerabilityto get root access when run by the user. The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer. Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password."

Interesting, we already knew about the first, we've covered it here. This second, while it relies on social engineering, is an interesting attack. Due to the way the Mac requests the password for privilege elevation, it would seem that a user could be fairly easily convinced here. I'm not saying we should scrap the ask for password to elevate privilege though... but maybe a re-think? What if it also required a random value to be appended to your password that would be displayed when elevating privilege? Sort of like the CAPTCHA concept.

Maybe that's overkill, maybe not. I guess we'll have to see how useful this type of attack is to hackers.